www.dfast.app Open in urlscan Pro
172.67.174.131 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.dfast.app/xcaret-events/com-xcaret-xcaretevents
Submission Tags: @phish_report
Submission: On November 26 via api (November 26th 2024, 8:48:02 pm UTC) from FI — Scanned from FI

Summary HTTP 8 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 8 HTTP transactions. The main IP is 172.67.174.131, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.dfast.app.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on January 13th 2024. Valid for: a year.

This is the only time www.dfast.app was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
6	172.67.174.131 172.67.174.131	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	195.154.94.155 195.154.94.155	12876 (AS12876 S...) (AS12876 SCALEWAY S.A.S.)
8	2

6 172.67.174.131 (United States)

ASN13335 (CLOUDFLARENET, US)

www.dfast.app	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 195.154.94.155 (Ivry-sur-Seine, France)

ASN12876 (AS12876 SCALEWAY S.A.S., FR)
PTR: 195-154-94-155.rev.poneytelecom.eu

piwik.everzones.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	dfast.app www.dfast.app	61 KB
2	everzones.com piwik.everzones.com	64 KB
8	2

	Domain	Requested by
6	www.dfast.app	www.dfast.app
2	piwik.everzones.com	www.dfast.app
8	2

This site contains no links.

Subject Issuer	Validity	Valid
dfast.app Cloudflare Inc ECC CA-3	`2024-01-13` - `2024-12-31`	a year	crt.sh
piwik.everzones.com R10	`2024-09-28` - `2024-12-27`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://www.dfast.app/xcaret-events/com-xcaret-xcaretevents
Frame ID: C09525CB66EE411E6FE44B8D98AA3A38
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

404

Detected technologies

Matomo Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

piwik\.js|piwik\.php

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

8
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

126 kB
Transfer

204 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H3	404	Primary Request com-xcaret-xcaretevents Show response www.dfast.app/xcaret-events/	30 KB 6 KB	377ms 280ms	Document text/html	172.67.174.131 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.dfast.app/xcaret-events/com-xcaret-xcaretevents Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.174.131 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `a6c140addd45518ebebe9d3a680635698a5a52b5b684e0fbf625235c9d037294` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1 Response headers alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 8e8cbc910ec056bf-OSL content-encoding zstd content-type text/html; charset=UTF-8 date Tue, 26 Nov 2024 20:47:57 GMT expires Wed, 27 Nov 2024 20:47:57 GMT last-modified Tue, 26 Nov 2024 20:47:57 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZZiu97YZ%2B%2BcIPbnhE6U%2BtqCmrqKs8HuoQ7lD6PEZa1sIW%2FR%2B3MdNixSUBmjGDv5%2BaeL9bhG%2BQKWZD4K9WMDXoB151KPbS0%2FHxfD5L9cxje887%2B9xmXXMBLLSzXPsYiAp"}],"group":"cf-nel","max_age":604800} server cloudflare server-timing cfL4;desc="?proto=QUIC&rtt=58796&min_rtt=58698&rtt_var=9373&sent=12&recv=10&lost=0&retrans=0&sent_bytes=3939&recv_bytes=4537&delivery_rate=333&cwnd=12000&unsent_bytes=0&cid=02386df685cf215d&ts=288&x=1" cfHdrFlush;dur=0 vary Accept-Encoding Accept-Encoding
GET H3	200	jsloader.php Show response www.dfast.app/202202/	92 KB 35 KB	292ms 291ms	Script text/html	172.67.174.131 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.dfast.app/202202/jsloader.php?f=jquery.js@common.js Requested by Host: www.dfast.app URL: https://www.dfast.app/xcaret-events/com-xcaret-xcaretevents Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.174.131 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `86327ac32e8022914c1fd7afa8f88268df55976d4130225058051ec8d5191922` Request headers User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1 Referer https://www.dfast.app/xcaret-events/com-xcaret-xcaretevents Response headers cache-control max-age=2592000 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} content-encoding zstd cf-cache-status DYNAMIC pragma cache report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AdoDwlaFP6%2Fl2rFRGnpcedRAwbFnolcYrT0xMIsp76yfO9WJfB5v9amONSjkLCvv%2BfRLVPxH08tp%2BUlUdfFFfs2yrb9b9b7uVRqguS8i8j%2FhOzWxj5gX5v9HMvBxsqkE"}],"group":"cf-nel","max_age":604800} cf-ray 8e8cbc92c97b56bf-OSL expires Thu, 26 Dec 2024 20:47:58 GMT alt-svc h3=":443"; ma=86400 server-timing cfL4;desc="?proto=QUIC&rtt=62539&min_rtt=58672&rtt_var=9131&sent=34&recv=19&lost=0&retrans=0&sent_bytes=25129&recv_bytes=6267&delivery_rate=41209&cwnd=12000&unsent_bytes=0&cid=02386df685cf215d&ts=573&x=1", cfHdrFlush;dur=13 date Tue, 26 Nov 2024 20:47:58 GMT content-type text/html; charset=UTF-8 vary Accept-Encoding, Accept-Encoding server cloudflare
GET H3	200	logo.png www.dfast.app/static/img/	2 KB 3 KB	73ms 73ms	Image image/png	172.67.174.131 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.dfast.app/static/img/logo.png Requested by Host: www.dfast.app URL: https://www.dfast.app/xcaret-events/com-xcaret-xcaretevents Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.174.131 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `0518a260577dab1000a29d6ae2258ba7fa225212946b5b8ae97145868bbe4656` Request headers User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1 Referer https://www.dfast.app/xcaret-events/com-xcaret-xcaretevents Response headers cf-cache-status HIT etag "6436190e-843" age 7154 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mqG46HsgwTCoHwXyLGfUMRj3TAQ8jnQvOY5gybEccF2d4frpXInKlDISTr7xByR1RbegyS%2BwrPe%2FwnNrzs3sTTx49tGKuV%2BeLZCPhpsk4viW0fVxwubDueErVHzUfyxg"}],"group":"cf-nel","max_age":604800} alt-svc h3=":443"; ma=86400 server-timing cfL4;desc="?proto=QUIC&rtt=58792&min_rtt=58672&rtt_var=3991&sent=19&recv=16&lost=0&retrans=0&sent_bytes=10281&recv_bytes=5789&delivery_rate=107681&cwnd=12000&unsent_bytes=0&cid=02386df685cf215d&ts=368&x=1", cfHdrFlush;dur=0 date Tue, 26 Nov 2024 20:47:57 GMT content-type image/png last-modified Wed, 12 Apr 2023 02:35:58 GMT vary Accept-Encoding cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-ray 8e8cbc92c97d56bf-OSL accept-ranges bytes content-length 2115 server cloudflare
GET H3	200	404.jpg www.dfast.app/static/img/	6 KB 7 KB	232ms 232ms	Image image/jpeg	172.67.174.131 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.dfast.app/static/img/404.jpg Requested by Host: www.dfast.app URL: https://www.dfast.app/xcaret-events/com-xcaret-xcaretevents Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.174.131 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `f5804c71c6f3e38605715167bf4531923fde0dccd710b94c75a1567634b85a89` Request headers User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1 Referer https://www.dfast.app/xcaret-events/com-xcaret-xcaretevents Response headers cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-cache-status MISS etag "64361912-1993" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5f%2F9IycMoc0kgQlR5%2BRAPKsxsXkK%2BR%2Fby1D4M0HVA1%2BkfgJWT06GLBkAZ0RT8EWNIpAeYzyC%2F7JeufPOn4ZvYxV4IHg7kRW%2FUD6oKSKaxTAC6CjgJLn%2FSU14rQBbZTL0"}],"group":"cf-nel","max_age":604800} cf-ray 8e8cbc92c98156bf-OSL accept-ranges bytes alt-svc h3=":443"; ma=86400 server-timing cfL4;desc="?proto=QUIC&rtt=62539&min_rtt=58672&rtt_var=9131&sent=23&recv=19&lost=0&retrans=0&sent_bytes=13129&recv_bytes=6267&delivery_rate=41209&cwnd=12000&unsent_bytes=0&cid=02386df685cf215d&ts=527&x=1", cfHdrFlush;dur=0 content-length 6547 date Tue, 26 Nov 2024 20:47:58 GMT content-type image/jpeg last-modified Wed, 12 Apr 2023 02:36:02 GMT vary Accept-Encoding server cloudflare
GET H3	200	icons.png www.dfast.app/static/img/	6 KB 7 KB	230ms 230ms	Image image/png	172.67.174.131 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.dfast.app/static/img/icons.png Requested by Host: www.dfast.app URL: https://www.dfast.app/xcaret-events/com-xcaret-xcaretevents Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.174.131 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `44e8b2a7191fe9343b3ed00d812cf0e2eb1a97fe2dd082195ebe0227499be435` Request headers User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1 Referer https://www.dfast.app/xcaret-events/com-xcaret-xcaretevents Response headers cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-cache-status REVALIDATED etag "6716170a-1928" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=J7%2BAy6HZtRX4JvZ02S0SdAfQancSA%2FnjSUH2bkGdtzy4r%2B%2F3VfdrZ3wJ9a2a8SHfX0XsfK%2BhoQD6MuFRydu2cttGOaeyGI4mJsxIbIQnamymWcWtRhEEtj0l%2F%2F73tqK6"}],"group":"cf-nel","max_age":604800} cf-ray 8e8cbc92f9c156bf-OSL accept-ranges bytes alt-svc h3=":443"; ma=86400 server-timing cfL4;desc="?proto=QUIC&rtt=62539&min_rtt=58672&rtt_var=9131&sent=30&recv=19&lost=0&retrans=0&sent_bytes=20484&recv_bytes=6267&delivery_rate=41209&cwnd=12000&unsent_bytes=0&cid=02386df685cf215d&ts=550&x=1", cfHdrFlush;dur=0 content-length 6440 date Tue, 26 Nov 2024 20:47:58 GMT content-type image/png last-modified Mon, 21 Oct 2024 08:55:38 GMT vary Accept-Encoding server cloudflare
GET H3	200	favicon.ico www.dfast.app/	4 KB 4 KB	258ms 258ms	Other image/x-icon	172.67.174.131 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.dfast.app/favicon.ico Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.174.131 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `38185a1bc0ff907bbc38a68a3bda5e40366ddbe48e1e589e000d28e3e6ba7ac7` Request headers User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1 Referer https://www.dfast.app/xcaret-events/com-xcaret-xcaretevents Response headers cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} content-encoding zstd cf-cache-status REVALIDATED etag W/"65222714-e05" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vL5Dw6wdXE8tuPEnHbUlfDM5IV6mSsdGQ8zGsu8VwN68V9B1pq2ixTqz8wC2j8etztF2sMxcOoDAKHfFx%2BZWnt0z6MAJzVYh4J0xOsjBVvjDRwqE6W%2FFs8JUiy4HgTM6"}],"group":"cf-nel","max_age":604800} cf-ray 8e8cbc951d9956bf-OSL alt-svc h3=":443"; ma=86400 server-timing cfL4;desc="?proto=QUIC&rtt=69073&min_rtt=58607&rtt_var=2264&sent=71&recv=43&lost=0&retrans=0&sent_bytes=63961&recv_bytes=7662&delivery_rate=415488&cwnd=38400&unsent_bytes=0&cid=02386df685cf215d&ts=921&x=1", cfHdrFlush;dur=0 date Tue, 26 Nov 2024 20:47:58 GMT content-type image/x-icon last-modified Sun, 08 Oct 2023 03:50:44 GMT vary Accept-Encoding server cloudflare
GET H/1.1	200 OK	piwik.js Show response piwik.everzones.com/	64 KB 64 KB	300ms 134ms	Script application/javascript	195.154.94.155 AS12876 SCALEWAY ...
General Check archive.org Show headers Download Go to Full URL https://piwik.everzones.com/piwik.js Requested by Host: www.dfast.app URL: https://www.dfast.app/xcaret-events/com-xcaret-xcaretevents Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 195.154.94.155 Ivry-sur-Seine, France, ASN12876 (AS12876 SCALEWAY S.A.S., FR), Reverse DNS 195-154-94-155.rev.poneytelecom.eu Software openresty / Resource Hash `5c166a5d40aeefd0679a14f95e47ff28824e66abba82adfa30be41803cc25632` Request headers User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1 Referer https://www.dfast.app/ Response headers ETag "5bf22bef-ffb2" Connection keep-alive Accept-Ranges bytes Content-Length 65458 Date Tue, 26 Nov 2024 20:47:59 GMT Content-Type application/javascript Last-Modified Mon, 19 Nov 2018 03:20:15 GMT Server openresty
GET H/1.1	200 OK	piwik.php piwik.everzones.com/	43 B 231 B	137ms 137ms	Image image/gif	195.154.94.155 AS12876 SCALEWAY ...
General Check archive.org Show headers Download Go to Show image Full URL https://piwik.everzones.com/piwik.php?action_name=404&idsite=167&rec=1&r=227835&h=22&m=47&s=59&url=https%3A%2F%2Fwww.dfast.app%2Fxcaret-events%2Fcom-xcaret-xcaretevents&_id=4dda993bb4156176&_idts=1732654079&_idvc=1&_idn=0&_refts=0&_viewts=1732654079&send_image=1&pdf=1&qt=0&realp=0&wma=0&dir=0&fla=0&java=0&gears=0&ag=0&cookie=1&res=1600x1200&gt_ms=282&pv_id=HzkAeY Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 195.154.94.155 Ivry-sur-Seine, France, ASN12876 (AS12876 SCALEWAY S.A.S., FR), Reverse DNS 195-154-94-155.rev.poneytelecom.eu Software openresty / Resource Hash `548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87` Request headers User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1 Referer https://www.dfast.app/ Response headers Transfer-Encoding chunked Cache-Control no-store Date Tue, 26 Nov 2024 20:47:59 GMT Content-Type image/gif Server openresty Connection keep-alive

Verdicts & Comments Add Verdict or Comment

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			www.dfast.app/	1970-01-21 10:43:29	Name: _pk_id.167.fb52 Value: 4dda993bb4156176.1732654079.1.1732654079.1732654079.
			www.dfast.app/	1970-01-21 01:17:35	Name: _pk_ses.167.fb52 Value: *

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://www.dfast.app/xcaret-events/com-xcaret-xcaretevents Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

piwik.everzones.com
www.dfast.app
172.67.174.131
195.154.94.155
0518a260577dab1000a29d6ae2258ba7fa225212946b5b8ae97145868bbe4656
38185a1bc0ff907bbc38a68a3bda5e40366ddbe48e1e589e000d28e3e6ba7ac7
44e8b2a7191fe9343b3ed00d812cf0e2eb1a97fe2dd082195ebe0227499be435
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
5c166a5d40aeefd0679a14f95e47ff28824e66abba82adfa30be41803cc25632
86327ac32e8022914c1fd7afa8f88268df55976d4130225058051ec8d5191922
a6c140addd45518ebebe9d3a680635698a5a52b5b684e0fbf625235c9d037294
f5804c71c6f3e38605715167bf4531923fde0dccd710b94c75a1567634b85a89

www.dfast.app Open in urlscan Pro 172.67.174.131 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

8 Requests

100 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

2 Countries

126 kBTransfer

204 kBSize

2 Cookies

0 Outgoing links

Redirected requests

8 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

10 JavaScript Global Variables

2 Cookies

1 Console Messages

Indicators

www.dfast.app Open in urlscan Pro
172.67.174.131 Public Scan

Screenshot
Live screenshot

Full Image

8
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

126 kB
Transfer

204 kB
Size

2
Cookies

8 HTTP transactions
0 data transactions